WIP: integration: Move provider password reset test

No clue how to get password reset code
wireapp · Feb 5, 2025 · c0b0696 · c0b0696
1 parent c87be1e
commit c0b0696
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/integration/test/API/Brig.hs b/integration/test/API/Brig.hs
@@ -600,6 +600,26 @@ loginProvider dom email pass = do
         setCookieHeader = CI.mk (T.encodeUtf8 . T.pack $ "Set-Cookie")
     pure . fromJust . foldMap (\(k, v) -> guard (k == setCookieHeader) $> v) $ hs
 
+requestProviderPasswordResetCode ::
+  (HasCallStack, MakesValue domain) =>
+  domain ->
+  String ->
+  App Response
+requestProviderPasswordResetCode domain email = do
+  req <- rawBaseRequest domain Brig Versioned $ joinHttpPath ["provider", "password-reset"]
+  submit "POST" $ req & addJSONObject ["email" .= email]
+
+completeProviderPasswordReset ::
+  (HasCallStack, MakesValue domain) =>
+  domain ->
+  Value ->
+  String ->
+  App Response
+completeProviderPasswordReset domain resetCode newPassword = do
+  req <- rawBaseRequest domain Brig Versioned $ joinHttpPath ["provider", "password-reset", "complete"]
+  body <- make (setField "password" newPassword resetCode)
+  submit "POST" $ req & addJSON body
+
 newService ::
   ( HasCallStack,
     MakesValue dom

diff --git a/integration/test/Test/Provider.hs b/integration/test/Test/Provider.hs
@@ -1,6 +1,7 @@
 module Test.Provider where
 
 import API.Brig
+import API.BrigInternal
 import qualified API.Cargohold as Cargohold
 import API.Common
 import qualified API.Nginz as Nginz
@@ -23,6 +24,28 @@ testProviderUploadAsset = do
   bindResponse (Nginz.uploadProviderAsset OwnDomain (cs cookie) "another profile pic") $ \resp -> do
     resp.status `shouldMatchInt` 201
 
+testProviderPasswordReset :: (HasCallStack) => App ()
+testProviderPasswordReset = do
+  withModifiedBackend
+    def
+      { brigCfg =
+          -- Disable password hashing rate limiting, so we can create enable services quickly
+          setField @_ @Int "optSettings.setPasswordHashingRateLimit.userLimit.inverseRate" 0
+      }
+    $ \domain -> do
+      provider <- setupProvider domain def {newProviderPassword = Just defPassword}
+      pid <- asString $ provider %. "id"
+      email <- asString $ provider %. "email"
+      requestProviderPasswordResetCode domain email >>= assertSuccess
+      resetCode <- getPasswordResetCode domain email >>= getJSON 200
+
+      completeProviderPasswordReset domain resetCode defPassword `bindResponse` \resp -> do
+        resp.status `shouldMatchInt` 403
+        resp.json %. "label" `shouldMatch` "something"
+
+      completeProviderPasswordReset domain resetCode "shiny-new-password" >>= assertSuccess
+      undefined pid email
+
 testProviderSearchWhitelist :: (HasCallStack) => App ()
 testProviderSearchWhitelist =
   withModifiedBackend